Amendments to the Claims:

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims:

1. (Currently amended) A network data classifier configured to statistically
classify data and comprising:

one or more network interfaces configured to receive packets carrying the data;

a feature extraction hardware block coupled to the one or more network
interfaces and configured to extract a plurality of features from the received data;

a statistical classifier coupled to the feature extraction hardware block and
configured to statistically classify the data into any one of a plurality of data classes in
accordance with the at least one extracted features; and

a policy engine coupled to the statistical classifier and configured to define
rules corresponding to the data classes, wherein the statistical classifier is further
configured to statistically classify the data at a same rate at which the network interface receives
the packets.

2. (Original) The network classifier of claim 1 wherein the rate at which 
the packets are received is greater than or equal to 100 Mbits/sec. 

3. (Currently amended) The network classifier of claim 1 further comprising:

a flow identifier coupled to the one or more network interfaces and configured to
identify a flow to which each of the received packets belongs;

a flow assembler coupled to the flow identifier and configured to reorder the
received packets such that the order of the reordered packets matches the order in which they
were transmitted; and

a flow database coupled to the flow assembler and configured to
maintain a record for each identified flow.

4. (Original) The network classifier of claim 3 wherein the record for 
each identified flow includes at least one of an identification number, source and destination 
addresses of the received packets, protocol identification number, information used by the 
feature extraction hardware block and information used by the statistical classifier. 

5. (Original) The network classifier of claim 4 further comprising:
a host interface configured to receive the packets from a host system. 

6. (Original) The network classifier of claim 4 further comprising: 
a host interface configured to receive the data from a host system. 

7. (Original) The network classifier of claim 5 wherein the host interface 
is coupled to a device selected from a group consisting of microprocessor and network processor. 

8. (Original) The network classifier of claim 7 wherein the host system 
is selected from a group consisting of firewall, router, switch, network appliance, security 
system, anti-virus system, anti-spam system, intrusion detection system, content filtering system, 
mail server, web server, quality of service provisioner, and gateway. 

9. (Currently amended) The network classifier of claim 8 wherein the host 
system is coupled to at least one of the flow identifier, the flow assembler, the feature extraction 
hardware block, the statistical classifier, and the flow database via one or more application 
programming interfaces.

10. (Original) The network classifier of claim 1 wherein the feature
extractor is programmable. 

11. (Original) The network classifier of claim 1 wherein the statistical
classifier is programmable. 

12. (Original) The network classifier of claim 1 wherein the policy engine
is programmable. 

13. (Original) The network classifier of claim 1 wherein the received data
is one of messages, files, streams, documents, web pages, and e-mails. 

14. (Original) The network classifier of claim 1 wherein the network 
interface is configured to interface with at least one of an Ethernet network, a SONET network, 
and an ATM network. 

15. (Original) The network classifier of claim 1 wherein the packets are
received via an Internet Protocol (IP) network. 

16. (Original) The network classifier of claim 1 wherein the feature
extraction hardware block is configured to match extract features against a database of textual 
patterns. 

17. (Original) The network classifier of claim 3 wherein the statistical 
classifier is configured to correlate events between one or more data flows.

18. (Original) The network classifier of claim 11 wherein the statistical
classifier includes at least one of linear discriminant classifier, artificial neural network classifier, 
support vector machine classifier, Bayesian network classifier, decision tree classifier; and 
nearest neighbor classifier. 

19. (Original) The network classifier of claim 18 wherein the artificial
neural network classifier is configured to operate in accordance with an activation function
selected from the group consisting of sigmoid function, hyperbolic tan function, Gaussian radial
basis function, exponential radial basis function, and a non-linear function.

PATENT
Appln. No. 10/661,384
Amdt. dated October 30, 2007
Reply to Office Action of May 18, 2007

20. (Original) The network classifier of claim 18 wherein the support
vector machine classifier is configured to operate in accordance with a kernel function selected
from a group consisting of a linear projection function, polynomial function, piece-wise linear
function, sigmoid function, Gaussian radial basis function, exponential radial basis function, and
a non-linear transformation function.

21. (Original) The network classifier of claim 18 wherein the nearest
neighbor classifier is configured to operate in accordance with a distance metric selected from a 
group consisting of Euclidean distance, Mahalanobis distance, and Manhattan distance. 

22. (Original) The network classifier of claim 18 wherein the statistical
classifier further generates a probability associated with a multitude of classes for the received 
data. 

23. (Original) The network classifier of claim 22 wherein the statistical
classifier classifies the received data for at least one of the applications selected from a group
consisting of intrusion detection, content filtering, anti-spam, anti-virus, bandwidth
management, quality of service provisioning, and network monitoring.

24. (Original) The network classifier of claim 1 wherein the at least one 
feature is selected from a group consisting of indicator vector, histogram, multitude of statistics 
associated with the data, mathematical transformation, timing information, and network events. 

25. (Original) The network classifier of claim 3 wherein the feature 
extraction hardware block stores a history of the data it receives in the flow database, said history 
being used to extract the features from the received data. 

26. (Currently amended) The apparatus of claim 3 furthermore comprising:

a data flow multiplexer, the data flow multiplexer being coupled to the one or
more of a plurality of network interfaces, the data flow multiplexer coupled to the one or more of
a plurality of feature extraction hardware blocks, the data flow multiplexer providing for
context switching between one or more of a plurality of data flows; and

a data flow context database, the data flow context database coupled to the data 
flow multiplexer, the data flow context database providing for retaining of state of said one or 
more of a plurality of data flows for said context switching. 

27. (Currently amended) The apparatus of claim 1, wherein said statistical 
classifier further comprises: 

a lookup table configured to store weights for a multitude of events associated 
with the network data; 

an adder coupled to add the weights it receives from the look-up table; 
a register configured to store a value; 
an accumulator; and 

a multiplexer having a first input terminal and a second input terminal and 
configured to deliver to the accumulator one of the added weights it receives from the adder at its 
first input terminal and the value it receives from the register at its second input terminal, the 
accumulator further configured to supply a summation of the added weights to the adder.

28. (Original) The integrated circuit of claim 27 furthermore comprising:
a hardware logic block configured to apply one of linear and non-linear functions
to the summation stored in the accumulator.

29. (Original) The integrated circuit of claim 28 wherein the hardware 
logic block is configured to apply a non-linear function to the summation stored in the 
accumulator using lookup table. 

30. (Original) The integrated circuit of claim 28 wherein the hardware 
logic block is formed in a programmable device. 

31. (Original) The integrated circuit of claim 28 wherein the register is
programmable.

32. (Original) The integrated circuit of claim 28 wherein the hardware 
logic block is programmable. 

33-39. Canceled. 

40. (Currently amended) A method for statistically classifying data, the
method comprising:

receiving packets carrying the data;

extracting a plurality of features from the received data;

statistically classifying the data into a plurality of data classes in accordance with
the at least one extracted features and at a same rate at which the packets are received;
and

applying rules corresponding to the data classes.

41. (Original) The method of claim 40 wherein the rate at which the
packets are received is greater than or equal to 100 Mbits/sec. 

42. (Original) The method of claim 40 further comprising: 
identifying a flow to which each of the received packets belongs; 
reordering the received packets such that the order of the reordered packets
matches the order in which they were transmitted; and

maintaining a record for each identified flow. 

43. (Original) The method of claim 42 wherein the record for each 
identified flow includes at least one of an identification number, source and destination addresses 
of the received packets, protocol identification number, information used for extracting the at 
least one feature extractor and information used to statistically classify the data.

44. (Original) The method of claim 43 further comprising:
receiving the packets from a host system.

45. (Original) The method of claim 43 further comprising: 
receiving the data from a host system. 

46. (Original) The method of claim 44 wherein the host system is selected 
from a group consisting of microprocessor and a network processor. 

47. (Original) The method of claim 46 wherein the host system is selected 
from a group consisting of firewall, router, switch, network appliance, security system, anti-virus 
system, anti-spam system, intrusion detection system, content filtering system, mail server, web 
server, quality of service provisioner, and gateway. 

48. (Original) The method of claim 46 further comprising:
coupling the host system to one or more application programming interfaces. 

49. (Original) The method of claim 40 wherein the received data is one of 
messages, files, streams, documents, web pages, and e-mails. 

50. (Original) The method of claim 40 wherein the packets are received 
via one of an Ethernet network, a SONET network, and an ATM network. 

51. (Original) The method of claim 40 wherein the packets are received
via an Internet Protocol (IP) network.

52. (Original) The method of claim 40 further comprising:
matching the extract features against a database of textual patterns. 

53. (Original) The method of claim 42 further comprising: 
correlating events between one or more data flows. 

54. (Original) The method of claim 53 wherein the statistically classifying 
of the data is carried out using a statistical classifier that includes at least one of linear 
discriminant classifier, artificial neural network classifier, support vector machine classifier,
Bayesian network classifier, decision tree classifier; and nearest neighbor classifier. 

55. (Original) The method of claim 54 wherein the artificial neural 
network classifier is configured to operate in accordance with an activation function selected
from the group consisting of sigmoid function, hyperbolic tan function, Gaussian radial basis
function, exponential radial basis function, and a non-linear function. 

56. (Original) The method of claim 54 wherein the support vector 
machine classifier is configured to operate in accordance with a kernel function selected from a
group consisting of a linear projection function, polynomial function, piece-wise linear function,
sigmoid function, Gaussian radial basis function, exponential radial basis function, and a
non-linear transformation function.

57. (Original) The method of claim 54 wherein the nearest neighbor
classifier is configured to operate in accordance with a distance metric selected from a group 
consisting of Euclidean distance, Mahalanobis distance, and Manhattan distance. 

58. (Original) The method of claim 54 wherein the statistical classifier 
further generates a probability associated with a multitude of classes for the received data. 

59. (Original) The method of claim 58 wherein the statistical classifier 
classifies the received data for at least one of the applications selected from a group consisting of 
intrusion detection, content filtering, antivirus, bandwidth management, quality of service 
provisioning, anti-spam, and network management. 

60. (Original) The method of claim 40 wherein the at least one feature is 
selected from a group consisting of indicator vector, histogram, multitude of statistics associated 
with the data, mathematical transformation, timing information, and network events. 

61. (Currently amended) The method of claim 42 further comprising:
storing a history of the received data, said history being used to extract the
features from the received data.

62. (Original) The method of claim 42 further comprising: 
multiplexing the data so as to provide for context switching between one or more 
of a plurality of data flows; and

retaining states of said one or more of a plurality of data flows for said context
switching.